Canceled recovery can lead to data loss

Details

Description

A recovery via index replication tells the update log to start buffering updates. If that recovery is canceled for whatever reason by the replica, the RecoveryStrategy calls ulog.dropBufferedUpdates() which stops buffering and places the UpdateLog back in active mode. If updates come from the leader after this point (and before ReplicationStrategy retries recovery), the update will be processed as normal and added to the transaction log. If the server is bounced, those last updates to the transaction log look normal (no FLAG_GAP) and can be used to determine who is more up to date.